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Detailed Description Text - DETX (9) : 

The synchronizer generates a signal to the controller 36 
which monitors the 

various control signals coming from the facsimile machine 
and sequences all of 

the operations within the facsimile scrambler. The 
controller 36 contains a 

fail-safe alarm circuit used to continuously monitor the 
output of the 

enciphered bit stream to detect indications of key 
generator failure while in 

the private transmitting mode. In addition, the overall 
system has been 

designed in such a way that no single failure in the 
private mode can cause 

inadvertent transmission of clear text. 



Detailed Description Text - DETX (13) : 

Operation of the system shown in FIG. 2 is fully 
automatic, thereby allowing 

completely unattended reception of both clear and private 
scramble messages 

intermixed with one another. Normal facsimile transmission 
in the private mode 

requires no special action on the part of the operator. 
Usually, the operator 

will be unaware that the scrambler is in use. If the 
operator chooses to send 

a picture or document in clear mode, the operator must make 
a special effort 

and depress the clear push button 38. The clear push 
button 3 8 must be 

depressed until the clear indicator comes on at the 
beginning of the 
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transmission, afterwhich the clear indicator light will 
show that the machine 

is in the clear mode. The system has a special alarm 
circuit which monitors 

the output of the key generator 4 0 for a failure which 
would compromise the 

transmission. In addition, if there is a power failure or 
if other critical 

components in the scrambler fail during a transmission, the 
system goes into an 

alarm state and opens the transmit video path. 

Detailed Description Text - DETX (123) : 

The clear facsimile signal to be scrambled by the 
present device is normally 

quantized into black or white information, enciphered and 
transmitted via the 

built-in facsimile machine modem. In applications wherein 
higher security, 

resulution and a lower error rate are required, an external 
modem may be 

utilized. Operation of the present device is fully 
automatic, thereby allowing 

completely unattended reception of both clear and private 
scramble messages 

intermixed. Normal facsimile transmission in the private 
mode requires no 

special action on the part of the operator. The present 
system is designed in 

such a manner that no single failure in the scramble mode 
can cause inadvertent 

transmission of clear text. A fail-safe circuit is 
utilized to continuously 

monitor the output scramble bit stream for key generator 
failure while in the 
transmit scramble mode. 
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Brief Summary Text - BSTX (4) : 

Thus far, the need for security of a OA's private 
signature key has been 

addressed by providing a "certificate signing unit" (CSU) , 
which is a 

tamper-proof secure module satisfying standards set forth 
in Federal 

Information Processing Standard (FIPS) PUB 140-1, level 3 
or 4 as issued by the 

U.S. Dept. of Commerce, National Institute of Standards 
and Technology 

(NIST) . Such a CSU generates its public/private signature 
key pair internally, 

"confines" the private signature key securely and 
permanently inside an area of 

the device that cannot be read externally, and outputs only 
the corresponding 

public key, which will be used to verify its signatures. 
One CSU available 

from Bolt, Baranek, and Newman of Boston, Mass. (BBN) is 
configured to allow a 

back-up version of its private signature key to be created 
using a "K-of-N 

threshold" scheme, in which the private key is split into N 
shares and placed 

on small plastic data-keys, each of which contains a memory 
chip . The 

data-keys are a patented product of Datakey, Inc. of 
Burnsville, Minn. Then, 

should the CSU device be destroyed, a quorum of at least K 
data-keys can 

reconstruct the private key. 



Brief Summary Text - BSTX (14) : 
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If, during the initial generation of operational shares, 
a whole signature 

key is generated, the whole signature key is destroyed 
after shares are 

distributed. Because the risk of loss from the theft or 
compromise of any one 

device is now greatly reduced, the information content of 
each signing device 

can be now duplicated (e.g., for remote backup or for a 
plug- in replacement or 

"hot" standby) so that if any device fails, it can be 
replaced (or 

reconstituted) and service can resume quickly. The 
consequence of subversion 

of any individual signing device is lowered, because the 
signing operation 

cannot be completed with a single device. 

Detailed Description Text - DETX (158) : 

The risk (consequences) of theft or destruction of 
signing devices has been 

reduced by virtue of the multi-step signing process and the 
fact that no single 

signing device is capable of forging a signature or 
divulging information 

sufficient to forge a signature. The information content 
of a signing device, 

including the SWA key share, can therefore be transferred 
to another device, 

e.g., when upgrading signing device hardware or for back-up 
purposes . 

Detailed Description Text - DETX (185) : 

As an alternate back-up method, up the decryption key 
shares can be escrowed 

off-line with an independent trust institution as described 
in copending U.S. 

patent application Ser. No. 08/181,859 now abandoned and 
Ser. No. 08/277,438 
now abandoned. 
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